John J. Mulligan, executive Vice President and Chief Financial Office of the Target Corporation, listens on Capitol Hill in Washington, Tuesday, Feb. 4, 2014, while testifying before the Senate Judiciary ... more

John J. Mulligan, executive Vice President and Chief Financial Officer of the Target Corporation, right, listens to his attorney Stuart Ingis, on Capitol Hill in Washington, Tuesday, Feb. 4, 2014, prior to ... more

John J. Mulligan, executive Vice President and Chief Financial Officer of the Target Corporation, testifies on Capitol Hill in Washington, Tuesday, Feb. 4, 2014, before the Senate Judiciary Committee hearing on ... more

From left, John J. Mulligan, executive Vice President and Chief Financial Office of the Target Corporation; Michael R. Kingston, senior Vice President and Chief Information Officer the Neiman Marcus Group; ... more

Photo: Pablo Martinez Monsivais

Image 8 of 15

John J. Mulligan, executive Vice President and Chief Financial Office of the Target Corporation,left, and Michael R. Kingston, senior Vice President and Chief Information Officer of the Neiman Marcus Group, take their seats on Capitol Hill in Washington, Tuesday, Feb. 4, 2014, prior to testifying before the Senate Judiciary Committee hearing on data breaches and combating cybercrime. (AP Photo/Pablo Martinez Monsivais) ORG XMIT: DCPM107 less

John J. Mulligan, executive Vice President and Chief Financial Office of the Target Corporation,left, and Michael R. Kingston, senior Vice President and Chief Information Officer of the Neiman Marcus Group, ... more

John J. Mulligan, executive Vice President and Chief Financial Office of the Target Corporation testifies on Capitol Hill in Washington, Tuesday, Feb. 4, 2014, before the Senate Judiciary Committee hearing on ... more

John J. Mulligan, executive Vice President and Chief Financial Office of the Target Corporation is sworn-in on Capitol Hill in Washington, Tuesday, Feb. 4, 2014, prior to testifying before the Senate Judiciary ... more

John J. Mulligan, executive Vice President and Chief Financial Office of the Target Corporation, listens on Capitol Hill in Washington, Tuesday, Feb. 4, 2014, during the Senate Judiciary Committee hearing on ... more

John J. Mulligan, executive Vice President and Chief Financial Office of Target Corporation, left, and Michael R. Kingston, senior Vice President and Chief Information Officer of the Neiman Marcus Group, are ... more

Photo: Pablo Martinez Monsivais

Image 15 of 15

Target bolsters its data security

1 / 15

Back to Gallery

Washington

An executive of Target Corp. said Tuesday the retailer has taken actions to shore up security following the massive breach of millions of consumers' data during the holiday season.

The testimony at a Senate hearing by John Mulligan, executive vice president and chief financial officer at the No. 2 U.S. discounter, also revealed that Target discovered an additional 25 cash registers infected by malicious software on Dec. 18. The company had said earlier that it had removed all the malware from its system by Dec. 15.

Mulligan's testimony before the Senate Judiciary Committee was the first public appearance by a Target executive addressing the issue since the breach that occurred between Nov. 27 and mid-December. An estimated 40 million credit and debit card accounts were affected.

Mulligan said Target is "deeply sorry" for the effect of the data theft on consumers, and he acknowledged that their confidence in the Minneapolis-based company has been shaken.

Sen. Patrick Leahy, D-Vt., the panel's chairman, said the erosion of consumers' confidence — with data breaches on the rise affecting retailers, Internet companies and others — could hinder the U.S. economy's recovery.

Senators pressed Mulligan and Michael Kingston, senior vice president and chief information officer at Neiman Marcus Group Inc., about how quickly they notified customers of the breaches.

Mulligan said Target executives were told on Dec. 12 by the Justice Department of suspicious activity involving payment cards. The company started an investigation, removed malware and publicly announced the data theft on Dec. 19.

A processing firm told Neiman Marcus of a problem on Dec. 13, and the company's investigators made a report on Jan. 2, Kingston said. Customers were notified on Jan. 10. The malware causing the breach appeared to have been operating in many Neiman Marcus stories between July and October, Kingston said.